Shells running as root inherited PS4 from the environment, allowing PS4 expansion performing command substitution. Local attacker could gain arbitrary code execution via bogus setuid binaries using system/popen by specially crafting SHELLOPTS+PS4 environment variables. Fixed In Version: bash 4.4